vendor/shopware/core/Framework/Api/Acl/AclAnnotationValidator.php line 45

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\Acl;
  5. use Doctrine\DBAL\Connection;
  6. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  7. use Shopware\Core\Framework\Log\Package;
  8. use Shopware\Core\Framework\Routing\Annotation\Acl;
  9. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  10. use Shopware\Core\Framework\Uuid\Uuid;
  11. use Shopware\Core\PlatformRequest;
  12. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  15. use Symfony\Component\HttpKernel\KernelEvents;
  17. /**
  18. * @deprecated tag:v6.5.0 - reason:becomes-internal - EventSubscribers will become internal in v6.5.0
  19. */
  20. #[Package('core')]
  21. class AclAnnotationValidator implements EventSubscriberInterface
  22. {
  23. private Connection $connection;
  25. /**
  26. * @internal
  27. */
  28. public function __construct(Connection $connection)
  29. {
  30. $this->connection = $connection;
  31. }
  33. /**
  34. * @return array<string, string|array{0: string, 1: int}|list<array{0: string, 1?: int}>>
  35. */
  36. public static function getSubscribedEvents()
  37. {
  38. return [
  39. KernelEvents::CONTROLLER => [
  40. ['validate', KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  41. ],
  42. ];
  43. }
  45. public function validate(ControllerEvent $event): void
  46. {
  47. $request = $event->getRequest();
  49. $privileges = $request->attributes->get(PlatformRequest::ATTRIBUTE_ACL);
  51. if (!$privileges) {
  52. return;
  53. }
  55. if ($privileges instanceof Acl) {
  56. $privileges = $privileges->getValue();
  57. }
  59. $context = $request->attributes->get(PlatformRequest::ATTRIBUTE_CONTEXT_OBJECT);
  60. if ($context === null) {
  61. throw new MissingPrivilegeException([]);
  62. }
  64. foreach ($privileges as $privilege) {
  65. if ($privilege === 'app') {
  66. if ($context->isAllowed('app.all')) {
  67. return;
  68. }
  70. $privilege = $this->getAppPrivilege($request);
  71. }
  73. if (!$context->isAllowed($privilege)) {
  74. throw new MissingPrivilegeException([$privilege]);
  75. }
  76. }
  77. }
  79. private function getAppPrivilege(Request $request): string
  80. {
  81. $actionId = $request->get('id');
  83. if (empty($actionId)) {
  84. throw new MissingPrivilegeException();
  85. }
  87. $appName = $this->connection->fetchOne(
  88. '
  89. SELECT `app`.`name` AS `name`
  90. FROM `app`
  91. INNER JOIN `app_action_button` ON `app`.`id` = `app_action_button`.`app_id`
  92. WHERE `app_action_button`.`id` = :id
  93. ',
  94. ['id' => Uuid::fromHexToBytes($actionId)],
  95. );
  97. return 'app.' . $appName;
  98. }
  99. }